Troubleshooting Smart Card Plug and Play Issues

After installing or upgrading to Windows 7, smart card Plug and Play detection may not work as expected, and a user or local administrator needs to find and resolve problems that prevent smart card Plug and Play detection on Windows 7 from functioning correctly.

Before you begin troubleshooting smart card Plug and Play, you should ensure that you can provide administrative credentials. You should also understand smart card solutions that are not compatible with Plug and Play and how smart cards work with Remote Desktop connections.

You must be a member of the local Administrators group on the Windows 7–based computer on which you are troubleshooting smart card issues or know the user name and password of a local administrator account. If you are not logged on with an administrator account, you must provide administrator credentials to perform many of the tasks in this guide.

Smart card Plug and Play only supports smart cards that require drivers to function. Not all smart card solutions require drivers for integrating with Windows. These solutions do not use the Windows Smart Card Framework and must be installed on the computer before using the smart card for the first time.

The following solutions are not compatible with smart card Plug and Play:

Some multislot smart card readers that create only one device for all available slots in the smart card reader.

Each time a smart card is inserted in the computer, Windows attempts to download and install the smart card driver if it is not already available on the computer. You may see a Plug and Play error when you insert a non-Plug and Play smart card on the computer. This does not necessarily mean that there is a problem with the smart card.

If your deployment uses only non-Plug and Play smart card solutions, smart card Plug and Play can be disabled by a local administrator on a client computer. Disabling smart card Plug and Play prevents smart card drivers, also known as smart card mini-drivers, from downloading and prevents smart card Plug and Play prompts.

On a client computer, click Start, type gpedit.msc in the Search programs and files box, and then press ENTER.

In the console tree under Computer Configuration, click Administrative Templates.

In the details pane, double-click Windows Components, and then double-click Smart Card.

Right-click Turn on Smart Card Plug and Play service, and then click Edit.

Click Disabled, and then click OK.

For enterprise deployments, smart card Plug and Play can be disabled by deploying a Group Policy. For information about administrative templates, see Administrative templates overview for GPMC (http://go.microsoft.com/fwlink/?LinkId=152390).

Important

For commercial deployments that target end-users (such as online banking) and environments that include both Plug and Play and non-Plug and Play smart cards, using Group Policy to disable Plug and Play for smart cards is strongly discouraged because it will affect all the smart cards in your environment.

Smart card Plug and Play works only for local sessions on a computer. The smart card driver must be installed on the local computer before attempting to use smart cards with Remote Desktop connections. The driver can be installed by inserting a Plug and Play–compatible smart card in a smart card reader on the local computer or by manually installing the driver. For information about manually installing drivers, see Manually Install a Smart Card Driver in this guide.